Rescope Versions

A scope generation tool for Burp Suite & ZAP

v2.4

6 months ago

Fixed

  • Fixed issue with hackerone resulting in panic due to missing security headers. Resolves #13
  • Updated parser to reflect changes in bugcrowd/federacy site layout. Resolves #11
  • Updated http client request to reflect changes in hackerone site layout. Resolves #12

2.3

2 years ago

Fixed

  • Updated parser to reflect changes in bugcrowd/federacy site layout. Resolves #11

2.2

2 years ago

Added

  • New flag --resolveConflicts (Resolve all exclude conflicts (Say 'Y' to all))
  • New flag --avoid3P (Avoid all third party resources (Say 'Y' to all))
  • Parse private HackerOne scopes by setting X-Auth-Token in H1_TOKEN environment variable

Fixed

  • Fixed package that was conflicting with errors interface introduced in golang 1.13. This led to unexpected panics when using the -u|--url flags to obtain scopes from bugbounty programs.
  • Parsing from Bugcrowd should now work with new site layout
  • Fixed out of bounds error when removing third party resources from scope
  • #8 Fixed segfault when parsing scopes from intigriti due to layout change. Ref a26631c
  • Fixed bug that caused misaligned lists when HackerOne was included to multi-scopes.
  • rescope will no longer throw exceptions when program names are upper-cased.
  • Fixed segfault when parsing scopes from openbugbounty.org caused by changes to program URL structure.
  • Fixed multi-scope conflict entanglement.
  • #9 Fixed bug that caused segfault when infile contained single IPs (3423ba0).
  • #10 Fixed issue that led rescope to crash when https:// was missing in -u|--url for hackerone programs.

Improved

  • Migrated vendoring to Go Modules
  • HackerOne scopes will now include IP/CIDR in addition to URLs.
  • The -b|--burp flag is no longer needed as results are output as Burp-compatible JSON by default.
  • The -o|--outfile flag is no longer required as results are saved to a default filename in the working dir.

0.3

2 years ago

Improvements

  • Cleaner project structure. Packages now live in internal/ rather than project root.

Added

  • File configs/services which lists a bunch of service names and ports. With this, rescope is able to identify ports for targets that have a scheme but no port specified. For now this is used when parsing to Burp. Example:

    • ftps://example.com => port: 990
    • https://example.com:21 => port: 443,21
  • Ports 80,443 to the Burp scope when an identifier has no scheme and no port. This prevents people from touching ports that are otherwise (not clearly defined) out of bounds. Example:

    • example.com => port: 80,443

0.2

2 years ago

Changed

  • How Burp/ZAP is specified from the cli. Now using flags instead.
  • How identified targets are printed. rescope will now include a leading +/- for each target to better indicate which are includes and excludes. Perhaps that'll make things clearer for those who are color blind.
  • rescope will now handle !EXCLUDE tag having leading/preceding text on the same line.

Fixed

  • A filepath issue that resulted in panic upon parsing to ZAP from executable that resided outside of package directory.
  • An issue that prevented IP ranges/CIDR from being parsed correctly.
  • Burp parsing inaccuracy for certain targets having both http(s) and ports. Rescope will now include protocol ports (80|443) and host port when parsing to Burp.
  • Minor issue that prevented --version from being displayed.

Added

  • CHANGELOG.md

2.1

4 years ago

Added

  • Some unit test functions

Fixed

  • #6 Identifiers with upper-case should no longer be omitted.
  • bugbounty.jp with missing scheme will no longer cause segfault.
  • Scopes having avoided or conflicted targets on the last line should no longer cause out-of-bounds in removing them.
  • Rare occurrence where identifiers ending in a .* extension that also have multiple wildcards in the domain did not parse correctly.

Improved

  • rescope should now target domain assets only, when parsed from hackerone.com

2.0

4 years ago

Added

  • Support for bugbounty.jp
  • Support for federacy.com
  • New flag --raw that outputs naked (in-scope) definitions to file. Useful in working with other tools and programs.
  • Support for resolving identifiers that conflict (overlap) with wildcarded excludes. Such a conflict renders the affected "in-scope" targets ineffective, as excludes are prioritized in Burp/ZAP. This occurs when scopes are not properly defined, which is fairly common to see in BaaS programs.
  • Support for avoiding certain third party resources, such as github.com, itunes.apple.com, play.google.com, etc, which are generally not something you want to scan/spider. Services are defined in configs/avoid.txt. When the condition is met, the user is prompted as to whether the affected targets should be ignored.
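The include/exclude conflict described in the first of these two items can be checked before a scope file is loaded into Burp/ZAP. The following is an added example, not rescope's own code; the matching rule (each `*` stands for one or more characters) and the sample hostnames are assumptions made for illustration:

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// wildcardToRegexp turns a scope pattern such as *.dev.example.com into an
// anchored regexp in which each * matches one or more characters (assumed rule).
func wildcardToRegexp(pattern string) *regexp.Regexp {
	parts := strings.Split(strings.ToLower(pattern), "*")
	for i, p := range parts {
		parts[i] = regexp.QuoteMeta(p)
	}
	return regexp.MustCompile("^" + strings.Join(parts, ".+") + "$")
}

// Conflicts maps every include that is shadowed by a wildcarded exclude to
// that exclude. Because excludes take priority in Burp/ZAP, such includes
// would silently drop out of the effective scope.
func Conflicts(includes, excludes []string) map[string]string {
	out := map[string]string{}
	for _, ex := range excludes {
		if !strings.Contains(ex, "*") {
			continue // only wildcarded excludes can shadow a different include
		}
		re := wildcardToRegexp(ex)
		for _, in := range includes {
			if re.MatchString(strings.ToLower(in)) {
				out[in] = ex
			}
		}
	}
	return out
}

func main() {
	// Constructed sample scope, not taken from any real program.
	includes := []string{"API.dev.example.com", "www.example.com", "dev.example.com"}
	excludes := []string{"*.dev.example.com", "blog.example.com"}
	for in, ex := range Conflicts(includes, excludes) {
		fmt.Printf("conflict: +%s is shadowed by -%s\n", in, ex)
	}
}
```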

Fixed

  • Missing scopename prompt when parsing to ZAP without --name specified
  • Targets like www.*.example.com and *.*.example.com should now parse correctly.
  • Single IPs should now identify correctly.
  • Bug that prevented IP ranges from being identified.

Improved

  • List handling to free up some unnecessary looping and improve extensibility.

1.1

5 years ago

Fixed

  • #5 Targets separated by comma should now be grabbed correctly.
  • #4 Intigriti programs should no longer parse with duplicate exclude definitions
  • #3 Bug that caused fatal exit upon providing full intigriti program URL
  • #2 Bug that caused duplicate scope definitions after parsing more than one program from one of the same affected services; hackerone, intigriti, yeswehack.
  • Improper regex matching that led strings containing numbers and slashes to be matched as CIDR
  • Wildcarded subdomains not parsing to Burp correctly

Added

  • Support for matching targets with s3 schema

1.0

5 years ago

Added

  • New feature that makes it possible to parse scopes directly from public bugbounty programs.
  • New flag (-u | --url) related to the above.
  • Option to specify includes (aside from excludes) with the optional !INCLUDE tag.
  • New flag (--itag) related to the above.
  • Gopkg files for dep management.

Fixed

  • Minor bug that caused certain number formats in string to match as valid targets.
  • Bug that prevented targets with ports from being set in Zap context.
  • Bug that prevented targets with leading wildcard and no immediate dot from being fully matched.

Changed

  • Replaced the previous vendor package 'github.com/fatih/color' with 'github.com/gookit/color' for adding colors support as the former project was no longer maintained.
  • General commenting and code improvements.
  • Changed --extag to -etag and removed the short version.

v0.3

5 years ago

Improvements

  • Cleaner project structure. Packages now live in internal/ rather than project root.

Added

  • File configs/services which lists a bunch of service names and ports. With this, rescope is able to identify ports for targets that have a scheme but no port specified. For now this is used when parsing to Burp. Example:

    • ftps://example.com => port: 990
    • https://example.com:21 => port: 443,21
  • Ports 80,443 to the Burp scope when an identifier has no scheme and no port. This prevents people from touching ports that are otherwise (not clearly defined) out of bounds. Example:

    • example.com => port: 80,443
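
The port rules listed under the 0.3 and v0.3 entries can be expressed as one small function. This is an added example, not rescope's own code; the `services` map is a constructed stand-in for configs/services (whose format is not shown here), and returning only the given port for a scheme-less `host:port` is an assumption:

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// services: constructed stand-in for configs/services (format assumed).
var services = map[string]int{"http": 80, "https": 443, "ftp": 21, "ftps": 990}

// ScopePorts: scheme only -> service port; scheme and port -> both; neither -> 80,443.
func ScopePorts(identifier string) ([]int, error) {
	raw := identifier
	if !strings.Contains(raw, "://") {
		raw = "//" + raw // no scheme: let net/url parse host[:port]
	}
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	var ports []int
	if u.Scheme != "" {
		p, ok := services[u.Scheme] // url.Parse lower-cases the scheme
		if !ok {
			return nil, fmt.Errorf("no port known for scheme %q", u.Scheme)
		}
		ports = append(ports, p)
	}
	if ps := u.Port(); ps != "" {
		p, err := strconv.Atoi(ps)
		if err != nil || p < 1 || p > 65535 {
			return nil, fmt.Errorf("invalid port %q", ps)
		}
		if len(ports) == 0 || ports[0] != p { // skip duplicates such as https://host:443
			ports = append(ports, p)
		}
	}
	if len(ports) == 0 {
		ports = []int{80, 443} // no scheme, no port: restrict to web ports
	}
	return ports, nil
}

func main() {
	fmt.Println(ScopePorts("https://example.com:21"))
}
```

An unknown scheme returns an error rather than a guessed port, so a typo in a scope file cannot widen the set of ports in scope.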